Académique Documents
Professionnel Documents
Culture Documents
Quest®
ActiveRoles® Server
Provisioning, Administration and Security for Active Directory and Beyond ”We’ve experienced a number of benefits of the
system, not the least of which is faster, easier
Businesses today grow and change at a frantic pace, making Active Directory (AD) management
provisioning. The user-creation process used
one of the most time-consuming IT tasks. administrators struggle to keep up with requests
to take up to 25 minutes, and now can be
to create, change or remove user access to various network resources. With the advent of
accomplished in about a minute.”
compliance regulations like the Sarbanes-Oxley Act (SOX), and the intense scrutiny they place
–Siegfried Jagott
on access to business-sensitive applications, organizations can no longer rely on numerous
Consultant
manual provisioning processes to maintain compliance. Siemens Business Services
Add to that the need to tightly delegate control of AD among various administrative groups,
”Paramount to the success of our Active
provide self-service capabilities to users to lighten the IT burden and involve key people in IT
Directory deployment was having automation,
processes through change approval, it’s no wonder that today’s administrators need help.
self-service, and monitoring solutions in place
ActiveRoles Server can help you automatically provision, reprovision and more importantly, from day one,”
deprovision users quickly, cost-efficiently and securely. ActiveRoles Server provides strictly – David Johnson
enforced role-based security, automated group management, a multi-level workflow designer Director of IT
and web interfaces for self service, to achieve practical user and access lifecycle management Georgian College
for the Windows enterprise and beyond. ActiveRoles Server is part of the Quest One Identity
••Protects critical data by strictly
Solution.
enforcing policies and eliminating
Achieve and Maintain Security and Compliance through Identity unregulated access to resources
and Access Management
••Provides a standardized multi-level
ActiveRoles Server helps you achieve and sustain regulatory compliance by implementing
approval workflow designer process
secure, automated and auditable internal controls over granting access to network resources.
for making changes to Active
You can automate all aspects of the account management process, introducing human input
Directory data
••Automates provisioning,
reprovisioning and deprovisioning for
efficient user lifecycle management
via a change approval process when needed. This simplifies user and group provisioning, policy SYSTEM REQUIREMENTS
enforcement, segregation of duties and delegation of administrative privileges.
Hardware
ActiveRoles Server automates user and group provisioning lifecycle tasks to reduce your • 1 GHz or higher Intel Pentium
administrative workload and increases user access control whether the user is a new hire, compatible CPU (2 GHz+ )
intra-organization transfer or termination. Ben Worthen, in his CIO magazine article, identified • 1 GB of RAM (2 GB )
that, “Failure to segregate duties within applications, and failure to set up new accounts and • 100 MB or more of free hard disk space
terminate old ones in a timely manner…” is the number one IT control weakness among (1 GB )
interviewed CIOs and auditors. Operating Systems:
ActiveRoles Server provides the ability to deprovision users and groups rather than just • Microsoft Windows 2000 Service Pack 4
delete or disable accounts. ActiveRoles Server comes with default policies to automate some or later (Support discontinued 2009)
commonly-scripted deprovisioning tasks, and permits all provision policies to be tailored to an • Microsoft Windows Server 2003, with or
organization’s specific needs. without any Service Pack
• Microsoft Windows Server 2003 x64
Involve Decision-makers within Key IT Processes Editions
ActiveRoles Server automates the ability to accept or deny operation requests (approval • Microsoft Windows Server 2003 R2
workflow) and to monitor the execution of those requests. This complements business rules to • Microsoft Windows Server 2008, 32 or
make provisioning and deprovisioning decisions based on application or data owners input. 64-bit architecture Operating Systems
User Self-Service: With the simple assignment of self-service roles, end users can carry
out self-administrative tasks, such as modifying their personal data through a simple to
DATASHEET
use self-service Web interface. Due to the reliable enforcement of business roles and rules, SYSTEM REQUIREMENTS (cont.)
ActiveRoles Server makes self-administration safe and secure, while allowing IT to manage
Additional Software:
(but not necessarily participate in) these time consuming tasks. • Microsoft SQL Server 2008 Express
Workflow: Provides a rich workflow system for directory data management automation Edition
and integration. Based on Microsoft’s Windows Workflows Foundation technology, this • Microsoft SQL Server 2000 Service Pack
system enables IT to define, automate and enforce management rules quickly and easily. 4 or later
Workflows extend the capabilities of ActiveRoles Server by delivering a framework that • Microsoft SQL Server 2000 Desk top
enables you to combine management rules such as provisioning and de-provisioning Engine (MSDE) Service Pack 4 or later
of identities in the directory, enforce policies on changes to identity data, route data • Microsoft Data Access Components
changes for approval, provide e-mail notifications of particular events and conditions, as (MDAC) version 2.7 or later
well as implement custom actions using script technologies such as Microsoft Windows • Microsoft .NET Framework version 3.5 or
PowerShell. later Service Pack 1
Auditing and Reporting: Provides a complete audit trail, showing who performed what • Microsoft Internet Information Services
actions and who tried to perform actions that were not permitted. A rich suite of reports (IIS) 5.0 or later (IIS 6.0 )
assists in change tracking and policy enforcement audits and Active Directory monitoring • Microsoft Internet Explorer version 6.0 or
and analysis. By logging all actions in a centralized fashion, ActiveRoles Server enables later (IE 7.0 or later )
administrators to quickly troubleshoot and investigate system issues. • Microsoft Exchange Server 2003, with or
without any Service Pack
Temporal Group Memberships: Automates the tasks of adding or removing group
• Microsoft Exchange Server 2007, with or
members that only need group membership for a specific time period. Makes it possible
without any Service Pack
to add or remove members from groups on a scheduled basis, ensuring that particular
users are members of required groups for only the required periods of time.
A Complete and Extensible Solution: Manage key user assets, including AD accounts,
Exchange mailboxes and home directories. It provides a practical approach for managing
the user lifecycle, including provisioning, reprovisioning and deprovisioning. You can
also customize and extend ActiveRoles Server provisioning, management, security and
automation through ActiveRoles Server support for custom scripts. These scripts are
subject to the same roles and rules as users so you can be confident that they will be
executed properly, by the correct people, and trigged by events you define. In addition to
strong scripting support, several optional add-on applications (listed below) can be added
to ActiveRoles Server to provide for advanced management capabilities.
and compliant manner. By empowering the information owner, the burden of access
management and compliance is moved from IT to the person who understands the
business justifications for granting access.
Access
M anager
Ac
le s Configure Ac tive
Ro er Access ce R
v s
S e ve
ol M an
ti
s
es a
Re
r
n sp A
Ac
s io
S e ger
rve
ss n si
i
ig b i l
ov
r/
n it y
Pr
er/
S elf-S e S er v
r v i ce
As s i g n
Access
ve R o l e s
Depro
Activ r ver
Acti
vi s
Se
eR o
i on
les
d r
m
ten fo
A
Att udit an Ex Plat
e st d ss -
ation Cro ct
n ne
S
Ac elf-Se Co
ce s ick
s M r v i ce / Qu
anag
er
ActiveRoles Server plays a key role in Active Directory-centric identity and access management.
5 Polaris Way, Aliso Viejo, CA 92656 | PHONE 800.306.9329 | WEB www.quest.com | E-MAIL sales@quest.com
If you are located outside North America, you can find your local office information on our Web site
Quest Software is a registered trademark of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.
DSW-ARS-US-MJ-20100121